diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index c10ad38..72018ee 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -3381,7 +3381,7 @@ index 644d4d7..51181b8 100644
+/usr/lib/ruby/gems/.*/agents(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/virtualbox/VBoxManage -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
-index 9e9263a..979f47f 100644
+index 9e9263a..43cdcb9 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -8,6 +8,22 @@
@@ -3508,7 +3508,15 @@ index 9e9263a..979f47f 100644
mmap_files_pattern($1, bin_t, bin_t)
')
-@@ -954,6 +999,24 @@ interface(`corecmd_exec_chroot',`
+@@ -945,6 +990,7 @@ interface(`corecmd_shell_domtrans',`
+ interface(`corecmd_exec_chroot',`
+ gen_require(`
+ type chroot_exec_t;
++ type bin_t;
+ ')
+
+ read_lnk_files_pattern($1, bin_t, bin_t)
+@@ -954,6 +1000,24 @@ interface(`corecmd_exec_chroot',`
########################################
##
@@ -3533,7 +3541,7 @@ index 9e9263a..979f47f 100644
## Get the attributes of all executable files.
##
##
-@@ -1012,6 +1075,10 @@ interface(`corecmd_exec_all_executables',`
+@@ -1012,6 +1076,10 @@ interface(`corecmd_exec_all_executables',`
can_exec($1, exec_type)
list_dirs_pattern($1, bin_t, bin_t)
read_lnk_files_pattern($1, bin_t, exec_type)
@@ -3544,7 +3552,7 @@ index 9e9263a..979f47f 100644
')
########################################
-@@ -1049,6 +1116,7 @@ interface(`corecmd_manage_all_executables',`
+@@ -1049,6 +1117,7 @@ interface(`corecmd_manage_all_executables',`
type bin_t;
')
@@ -3552,7 +3560,7 @@ index 9e9263a..979f47f 100644
manage_files_pattern($1, bin_t, exec_type)
manage_lnk_files_pattern($1, bin_t, bin_t)
')
-@@ -1091,3 +1159,36 @@ interface(`corecmd_mmap_all_executables',`
+@@ -1091,3 +1160,36 @@ interface(`corecmd_mmap_all_executables',`
mmap_files_pattern($1, bin_t, exec_type)
')
@@ -18381,10 +18389,10 @@ index 0000000..cf6582f
+
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
new file mode 100644
-index 0000000..3c3b9b3
+index 0000000..d74943c
--- /dev/null
+++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,331 @@
+@@ -0,0 +1,332 @@
+policy_module(unconfineduser, 1.0.0)
+
+########################################
@@ -18574,6 +18582,7 @@ index 0000000..3c3b9b3
+
+optional_policy(`
+ dbus_role_template(unconfined, unconfined_r, unconfined_t)
++ role system_r types unconfined_dbusd_t;
+
+ optional_policy(`
+ unconfined_domain(unconfined_dbusd_t)
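Review bot: The added `role system_r types unconfined_dbusd_t;` carries no comment saying which system_r process is expected to run as unconfined_dbusd_t. The nested optional block in this hunk makes that type an unconfined domain, so the line makes `system_r:unconfined_dbusd_t` a valid context and the reason should sit next to the rule. I would add a comment above it such as `# <which system_r transition needs unconfined_dbusd_t, with bug reference>`. The enclosing optional_policy block continues outside the hunk.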
@@ -22530,7 +22539,7 @@ index 6bf0ecc..d740738 100644
+ dontaudit $1 xserver_log_t:dir search_dir_perms;
+')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index 2696452..63fd06a 100644
+index 2696452..0426df3 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -26,28 +26,59 @@ gen_require(`
@@ -22876,7 +22885,7 @@ index 2696452..63fd06a 100644
ssh_sigchld(xauth_t)
ssh_read_pipes(xauth_t)
ssh_dontaudit_rw_tcp_sockets(xauth_t)
-@@ -299,64 +408,108 @@ optional_policy(`
+@@ -299,64 +408,109 @@ optional_policy(`
# XDM Local policy
#
@@ -22903,10 +22912,11 @@ index 2696452..63fd06a 100644
allow xdm_t self:socket create_socket_perms;
allow xdm_t self:appletalk_socket create_socket_perms;
allow xdm_t self:key { search link write };
++allow xdm_t self:dbus { send_msg acquire_svc };
++
++allow xdm_t xauth_home_t:file manage_file_perms;
-allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
-+allow xdm_t xauth_home_t:file manage_file_perms;
-+
+allow xdm_t xconsole_device_t:fifo_file { getattr_fifo_file_perms setattr_fifo_file_perms };
+manage_dirs_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
+manage_files_pattern(xdm_t, xkb_var_lib_t, xkb_var_lib_t)
@@ -22995,7 +23005,7 @@ index 2696452..63fd06a 100644
# connect to xdm xserver over stream socket
stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-@@ -365,20 +518,27 @@ stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
+@@ -365,20 +519,27 @@ stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
@@ -23025,7 +23035,7 @@ index 2696452..63fd06a 100644
corenet_all_recvfrom_netlabel(xdm_t)
corenet_tcp_sendrecv_generic_if(xdm_t)
corenet_udp_sendrecv_generic_if(xdm_t)
-@@ -388,38 +548,48 @@ corenet_tcp_sendrecv_all_ports(xdm_t)
+@@ -388,38 +549,48 @@ corenet_tcp_sendrecv_all_ports(xdm_t)
corenet_udp_sendrecv_all_ports(xdm_t)
corenet_tcp_bind_generic_node(xdm_t)
corenet_udp_bind_generic_node(xdm_t)
@@ -23078,7 +23088,7 @@ index 2696452..63fd06a 100644
files_read_etc_files(xdm_t)
files_read_var_files(xdm_t)
-@@ -430,9 +600,28 @@ files_list_mnt(xdm_t)
+@@ -430,9 +601,28 @@ files_list_mnt(xdm_t)
files_read_usr_files(xdm_t)
# Poweroff wants to create the /poweroff file when run from xdm
files_create_boot_flag(xdm_t)
@@ -23107,7 +23117,7 @@ index 2696452..63fd06a 100644
storage_dontaudit_read_fixed_disk(xdm_t)
storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -441,28 +630,45 @@ storage_dontaudit_raw_read_removable_device(xdm_t)
+@@ -441,28 +631,45 @@ storage_dontaudit_raw_read_removable_device(xdm_t)
storage_dontaudit_raw_write_removable_device(xdm_t)
storage_dontaudit_setattr_removable_dev(xdm_t)
storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -23156,7 +23166,7 @@ index 2696452..63fd06a 100644
userdom_dontaudit_use_unpriv_user_fds(xdm_t)
userdom_create_all_users_keys(xdm_t)
-@@ -471,24 +677,144 @@ userdom_read_user_home_content_files(xdm_t)
+@@ -471,24 +678,144 @@ userdom_read_user_home_content_files(xdm_t)
# Search /proc for any user domain processes.
userdom_read_all_users_state(xdm_t)
userdom_signal_all_users(xdm_t)
@@ -23307,7 +23317,7 @@ index 2696452..63fd06a 100644
tunable_policy(`xdm_sysadm_login',`
userdom_xsession_spec_domtrans_all_users(xdm_t)
# FIXME:
-@@ -502,11 +828,26 @@ tunable_policy(`xdm_sysadm_login',`
+@@ -502,11 +829,26 @@ tunable_policy(`xdm_sysadm_login',`
')
optional_policy(`
@@ -23334,7 +23344,7 @@ index 2696452..63fd06a 100644
')
optional_policy(`
-@@ -514,12 +855,56 @@ optional_policy(`
+@@ -514,12 +856,56 @@ optional_policy(`
')
optional_policy(`
@@ -23391,7 +23401,7 @@ index 2696452..63fd06a 100644
hostname_exec(xdm_t)
')
-@@ -537,28 +922,78 @@ optional_policy(`
+@@ -537,28 +923,78 @@ optional_policy(`
')
optional_policy(`
@@ -23479,7 +23489,7 @@ index 2696452..63fd06a 100644
')
optional_policy(`
-@@ -570,6 +1005,14 @@ optional_policy(`
+@@ -570,6 +1006,14 @@ optional_policy(`
')
optional_policy(`
@@ -23494,7 +23504,7 @@ index 2696452..63fd06a 100644
xfs_stream_connect(xdm_t)
')
-@@ -594,8 +1037,11 @@ allow xserver_t input_xevent_t:x_event send;
+@@ -594,8 +1038,11 @@ allow xserver_t input_xevent_t:x_event send;
# execheap needed until the X module loader is fixed.
# NVIDIA Needs execstack
@@ -23507,7 +23517,7 @@ index 2696452..63fd06a 100644
allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow xserver_t self:fd use;
allow xserver_t self:fifo_file rw_fifo_file_perms;
-@@ -608,8 +1054,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
+@@ -608,8 +1055,15 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto };
allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow xserver_t self:tcp_socket create_stream_socket_perms;
allow xserver_t self:udp_socket create_socket_perms;
@@ -23523,7 +23533,7 @@ index 2696452..63fd06a 100644
manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
manage_sock_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
-@@ -617,6 +1070,10 @@ files_tmp_filetrans(xserver_t, xserver_tmp_t, { file dir sock_file })
+@@ -617,6 +1071,10 @@ files_tmp_filetrans(xserver_t, xserver_tmp_t, { file dir sock_file })
filetrans_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t, sock_file)
@@ -23534,7 +23544,7 @@ index 2696452..63fd06a 100644
manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
manage_lnk_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-@@ -628,12 +1085,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
+@@ -628,12 +1086,19 @@ manage_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
files_search_var_lib(xserver_t)
@@ -23556,7 +23566,7 @@ index 2696452..63fd06a 100644
kernel_read_system_state(xserver_t)
kernel_read_device_sysctls(xserver_t)
-@@ -641,12 +1105,12 @@ kernel_read_modprobe_sysctls(xserver_t)
+@@ -641,12 +1106,12 @@ kernel_read_modprobe_sysctls(xserver_t)
# Xorg wants to check if kernel is tainted
kernel_read_kernel_sysctls(xserver_t)
kernel_write_proc_files(xserver_t)
@@ -23570,7 +23580,7 @@ index 2696452..63fd06a 100644
corenet_all_recvfrom_netlabel(xserver_t)
corenet_tcp_sendrecv_generic_if(xserver_t)
corenet_udp_sendrecv_generic_if(xserver_t)
-@@ -667,23 +1131,28 @@ dev_rw_apm_bios(xserver_t)
+@@ -667,23 +1132,28 @@ dev_rw_apm_bios(xserver_t)
dev_rw_agp(xserver_t)
dev_rw_framebuffer(xserver_t)
dev_manage_dri_dev(xserver_t)
@@ -23602,7 +23612,7 @@ index 2696452..63fd06a 100644
# brought on by rhgb
files_search_mnt(xserver_t)
-@@ -694,7 +1163,16 @@ fs_getattr_xattr_fs(xserver_t)
+@@ -694,7 +1164,16 @@ fs_getattr_xattr_fs(xserver_t)
fs_search_nfs(xserver_t)
fs_search_auto_mountpoints(xserver_t)
fs_search_ramfs(xserver_t)
@@ -23620,7 +23630,7 @@ index 2696452..63fd06a 100644
mls_xwin_read_to_clearance(xserver_t)
selinux_validate_context(xserver_t)
-@@ -708,20 +1186,18 @@ init_getpgid(xserver_t)
+@@ -708,20 +1187,18 @@ init_getpgid(xserver_t)
term_setattr_unallocated_ttys(xserver_t)
term_use_unallocated_ttys(xserver_t)
@@ -23644,7 +23654,7 @@ index 2696452..63fd06a 100644
userdom_search_user_home_dirs(xserver_t)
userdom_use_user_ttys(xserver_t)
-@@ -729,8 +1205,6 @@ userdom_setattr_user_ttys(xserver_t)
+@@ -729,8 +1206,6 @@ userdom_setattr_user_ttys(xserver_t)
userdom_read_user_tmp_files(xserver_t)
userdom_rw_user_tmpfs_files(xserver_t)
@@ -23653,7 +23663,7 @@ index 2696452..63fd06a 100644
ifndef(`distro_redhat',`
allow xserver_t self:process { execmem execheap execstack };
domain_mmap_low_uncond(xserver_t)
-@@ -775,16 +1249,44 @@ optional_policy(`
+@@ -775,16 +1250,44 @@ optional_policy(`
')
optional_policy(`
@@ -23699,7 +23709,7 @@ index 2696452..63fd06a 100644
unconfined_domtrans(xserver_t)
')
-@@ -793,6 +1295,10 @@ optional_policy(`
+@@ -793,6 +1296,10 @@ optional_policy(`
')
optional_policy(`
@@ -23710,7 +23720,7 @@ index 2696452..63fd06a 100644
xfs_stream_connect(xserver_t)
')
-@@ -808,10 +1314,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
+@@ -808,10 +1315,10 @@ allow xserver_t xdm_t:shm rw_shm_perms;
# NB we do NOT allow xserver_t xdm_var_lib_t:dir, only access to an open
# handle of a file inside the dir!!!
@@ -23724,7 +23734,7 @@ index 2696452..63fd06a 100644
# Label pid and temporary files with derived types.
manage_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
-@@ -819,7 +1325,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
+@@ -819,7 +1326,7 @@ manage_lnk_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
manage_sock_files_pattern(xserver_t, xdm_tmp_t, xdm_tmp_t)
# Run xkbcomp.
@@ -23733,7 +23743,7 @@ index 2696452..63fd06a 100644
can_exec(xserver_t, xkb_var_lib_t)
# VNC v4 module in X server
-@@ -832,26 +1338,21 @@ init_use_fds(xserver_t)
+@@ -832,26 +1339,21 @@ init_use_fds(xserver_t)
# to read ROLE_home_t - examine this in more detail
# (xauth?)
userdom_read_user_home_content_files(xserver_t)
@@ -23768,7 +23778,7 @@ index 2696452..63fd06a 100644
')
optional_policy(`
-@@ -902,7 +1403,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
+@@ -902,7 +1404,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy
allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show };
# operations allowed on my windows
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
@@ -23777,7 +23787,7 @@ index 2696452..63fd06a 100644
# operations allowed on all windows
allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child };
-@@ -956,11 +1457,31 @@ allow x_domain self:x_resource { read write };
+@@ -956,11 +1458,31 @@ allow x_domain self:x_resource { read write };
# can mess with the screensaver
allow x_domain xserver_t:x_screen { getattr saver_getattr };
@@ -23809,7 +23819,7 @@ index 2696452..63fd06a 100644
tunable_policy(`! xserver_object_manager',`
# should be xserver_unconfined(x_domain),
# but typeattribute doesnt work in conditionals
-@@ -982,18 +1503,150 @@ tunable_policy(`! xserver_object_manager',`
+@@ -982,18 +1504,150 @@ tunable_policy(`! xserver_object_manager',`
allow x_domain xevent_type:{ x_event x_synthetic_event } *;
')
@@ -30235,7 +30245,7 @@ index b50c5fe..2faaaf2 100644
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
-index 4e94884..55d2481 100644
+index 4e94884..9b82ed0 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -233,7 +233,7 @@ interface(`logging_run_auditd',`
@@ -30397,7 +30407,7 @@ index 4e94884..55d2481 100644
+#
+interface(`logging_relabel_syslog_pid_socket',`
+ gen_require(`
-+ type devlog_t;
++ type syslogd_var_run_t;
+ ')
+
+ allow $1 syslogd_var_run_t:sock_file relabel_sock_file_perms;
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 13a4016..e8b95e6 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -9774,10 +9774,15 @@ index 4ec0626..88e7e89 100644
userdom_dontaudit_use_unpriv_user_fds(canna_t)
diff --git a/ccs.if b/ccs.if
-index 5ded72d..c1b4d35 100644
+index 5ded72d..cb94e5e 100644
--- a/ccs.if
+++ b/ccs.if
-@@ -102,16 +102,20 @@ interface(`ccs_admin',`
+@@ -98,20 +98,24 @@ interface(`ccs_manage_config',`
+ interface(`ccs_admin',`
+ gen_require(`
+ type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
+- type ccs_var_lib_t_t, ccs_var_log_t;
++ type ccs_var_lib_t, ccs_var_log_t;
type ccs_var_run_t, ccs_tmp_t;
')
@@ -12633,7 +12638,7 @@ index 23dc348..7cc536b 100644
/usr/sbin/condor_collector -- gen_context(system_u:object_r:condor_collector_exec_t,s0)
/usr/sbin/condor_master -- gen_context(system_u:object_r:condor_master_exec_t,s0)
diff --git a/condor.if b/condor.if
-index 3fe3cb8..b8e08c6 100644
+index 3fe3cb8..5fe84a6 100644
--- a/condor.if
+++ b/condor.if
@@ -1,81 +1,397 @@
@@ -13046,7 +13051,7 @@ index 3fe3cb8..b8e08c6 100644
+interface(`condor_admin',`
+ gen_require(`
+ attribute condor_domain;
-+ type condor_initrc_exec_config_t, condor_log_t;
++ type condor_initrc_exec_t, condor_log_t;
+ type condor_var_lib_t, condor_var_lock_t, condor_schedd_tmp_t;
+ type condor_var_run_t, condor_startd_tmp_t;
+ type condor_unit_file_t;
@@ -20898,7 +20903,7 @@ index 23ab808..4a801b5 100644
/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
diff --git a/dnsmasq.if b/dnsmasq.if
-index 19aa0b8..531cf03 100644
+index 19aa0b8..1e8b244 100644
--- a/dnsmasq.if
+++ b/dnsmasq.if
@@ -10,7 +10,6 @@
@@ -21107,11 +21112,12 @@ index 19aa0b8..531cf03 100644
')
########################################
-@@ -267,12 +354,17 @@ interface(`dnsmasq_spec_filetrans_pid',`
+@@ -267,12 +354,18 @@ interface(`dnsmasq_spec_filetrans_pid',`
interface(`dnsmasq_admin',`
gen_require(`
type dnsmasq_t, dnsmasq_lease_t, dnsmasq_var_run_t;
- type dnsmasq_initrc_exec_t, dnsmasq_var_log_t;
++ type dnsmasq_var_log_t;
+ type dnsmasq_initrc_exec_t;
+ type dnsmasq_unit_file_t;
')
@@ -21127,7 +21133,7 @@ index 19aa0b8..531cf03 100644
init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 dnsmasq_initrc_exec_t system_r;
-@@ -281,9 +373,13 @@ interface(`dnsmasq_admin',`
+@@ -281,9 +374,13 @@ interface(`dnsmasq_admin',`
files_list_var_lib($1)
admin_pattern($1, dnsmasq_lease_t)
@@ -23594,7 +23600,7 @@ index 5cf6ac6..0fc685b 100644
+ allow $1 firewalld_unit_file_t:service all_service_perms;
')
diff --git a/firewalld.te b/firewalld.te
-index c8014f8..64e18e1 100644
+index c8014f8..2888d51 100644
--- a/firewalld.te
+++ b/firewalld.te
@@ -21,11 +21,20 @@ logging_log_file(firewalld_var_log_t)
@@ -23619,7 +23625,15 @@ index c8014f8..64e18e1 100644
dontaudit firewalld_t self:capability sys_tty_config;
allow firewalld_t self:fifo_file rw_fifo_file_perms;
allow firewalld_t self:unix_stream_socket { accept listen };
-@@ -40,11 +49,21 @@ allow firewalld_t firewalld_var_log_t:file read_file_perms;
+@@ -33,6 +42,7 @@ allow firewalld_t self:udp_socket create_socket_perms;
+
+ manage_dirs_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
+ manage_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
++manage_lnk_files_pattern(firewalld_t, firewalld_etc_rw_t, firewalld_etc_rw_t)
+
+ allow firewalld_t firewalld_var_log_t:file append_file_perms;
+ allow firewalld_t firewalld_var_log_t:file create_file_perms;
+@@ -40,11 +50,21 @@ allow firewalld_t firewalld_var_log_t:file read_file_perms;
allow firewalld_t firewalld_var_log_t:file setattr_file_perms;
logging_log_filetrans(firewalld_t, firewalld_var_log_t, file)
@@ -23641,7 +23655,7 @@ index c8014f8..64e18e1 100644
corecmd_exec_bin(firewalld_t)
corecmd_exec_shell(firewalld_t)
-@@ -53,20 +72,17 @@ dev_read_urand(firewalld_t)
+@@ -53,20 +73,17 @@ dev_read_urand(firewalld_t)
domain_use_interactive_fds(firewalld_t)
@@ -23667,7 +23681,7 @@ index c8014f8..64e18e1 100644
optional_policy(`
dbus_system_domain(firewalld_t, firewalld_exec_t)
-@@ -85,6 +101,10 @@ optional_policy(`
+@@ -85,6 +102,10 @@ optional_policy(`
')
optional_policy(`
@@ -28851,10 +28865,10 @@ index 0000000..f4659d1
+/var/run/gssproxy\.sock -s gen_context(system_u:object_r:gssproxy_var_run_t,s0)
diff --git a/gssproxy.if b/gssproxy.if
new file mode 100644
-index 0000000..28263c7
+index 0000000..4bd5abf
--- /dev/null
+++ b/gssproxy.if
-@@ -0,0 +1,204 @@
+@@ -0,0 +1,203 @@
+
+## policy for gssproxy
+
@@ -28989,7 +29003,6 @@ index 0000000..28263c7
+ ')
+
+ systemd_exec_systemctl($1)
-+ systemd_read_fifo_file_password_run($1)
+ allow $1 gssproxy_unit_file_t:file read_file_perms;
+ allow $1 gssproxy_unit_file_t:service manage_service_perms;
+
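Review bot: The misspelled `systemd_read_fifo_file_password_run($1)` is deleted here, while the modemmanager.if and pesign.if hunks of this commit rename the same call to `systemd_read_fifo_file_passwd_run($1)`. That leaves three otherwise identical systemctl blocks granting different permissions. If reading the password fifo is not needed to drive systemctl, dropping it from all three is the tighter policy; if it is needed, this interface should get `systemd_read_fifo_file_passwd_run($1)` as well. The enclosing interface starts and ends outside the hunk.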
@@ -29927,6 +29940,21 @@ index ecad9c7..86d790f 100644
optional_policy(`
seutil_use_newrole_fds(irc_t)
')
+diff --git a/ircd.if b/ircd.if
+index ade9803..3620c9a 100644
+--- a/ircd.if
++++ b/ircd.if
+@@ -33,8 +33,8 @@ interface(`ircd_admin',`
+
+ files_search_etc($1)
+ admin_pattern($1, ircd_etc_t)
+-
+- logging_search_log($1)
++
++ logging_search_logs($1)
+ admin_pattern($1, ircd_log_t)
+
+ files_search_var_lib($1)
diff --git a/ircd.te b/ircd.te
index e9f746e..40e440c 100644
--- a/ircd.te
@@ -37838,7 +37866,7 @@ index a83894c..481dca3 100644
+
+/usr/lib/systemd/system/ModemManager.service -- gen_context(system_u:object_r:modemmanager_unit_file_t,s0)
diff --git a/modemmanager.if b/modemmanager.if
-index b1ac8b5..90ca430 100644
+index b1ac8b5..d65017f 100644
--- a/modemmanager.if
+++ b/modemmanager.if
@@ -21,6 +21,30 @@ interface(`modemmanager_domtrans',`
@@ -37860,7 +37888,7 @@ index b1ac8b5..90ca430 100644
+ ')
+
+ systemd_exec_systemctl($1)
-+ systemd_read_fifo_file_password_run($1)
++ systemd_read_fifo_file_passwd_run($1)
+ allow $1 modemmanager_unit_file_t:file read_file_perms;
+ allow $1 modemmanager_unit_file_t:service manage_service_perms;
+
@@ -38038,6 +38066,19 @@ index d287fe9..3dc493c 100644
init_dbus_chat_script(mono_t)
+diff --git a/monop.if b/monop.if
+index 8fdaece..5440757 100644
+--- a/monop.if
++++ b/monop.if
+@@ -31,7 +31,7 @@ interface(`monop_admin',`
+ role_transition $2 monopd_initrc_exec_t system_r;
+ allow $2 system_r;
+
+- logging_search_etc($1)
++ logging_search_logs($1)
+ admin_pattern($1, monopd_etc_t)
+
+ files_search_pids($1)
diff --git a/monop.te b/monop.te
index 4462c0e..84944d1 100644
--- a/monop.te
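Review bot: `logging_search_logs($1)` sits directly above `admin_pattern($1, monopd_etc_t)`, so the replacement for `logging_search_etc` was probably meant to be `files_search_etc($1)` rather than a log-directory search. The ircd.if hunk in this commit pairs `files_search_etc($1)` with `admin_pattern($1, ircd_etc_t)` in exactly this way. As written, the admin role gains search on the log directory here and, unless it is granted elsewhere in monop_admin, no search on /etc for the config files it is meant to manage. The body of monop_admin continues outside the hunk, so a later log section cannot be ruled out.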
@@ -46701,7 +46742,7 @@ index 8f2ab09..7b8f5ad 100644
+ allow $1 nscd_unit_file_t:service all_service_perms;
')
diff --git a/nscd.te b/nscd.te
-index df4c10f..2814186 100644
+index df4c10f..8c09c68 100644
--- a/nscd.te
+++ b/nscd.te
@@ -1,36 +1,37 @@
@@ -46851,7 +46892,7 @@ index df4c10f..2814186 100644
userdom_dontaudit_use_user_terminals(nscd_t)
userdom_dontaudit_use_unpriv_user_fds(nscd_t)
userdom_dontaudit_search_user_home_dirs(nscd_t)
-@@ -121,20 +130,30 @@ optional_policy(`
+@@ -121,20 +130,31 @@ optional_policy(`
')
optional_policy(`
@@ -46881,6 +46922,7 @@ index df4c10f..2814186 100644
- udev_read_db(nscd_t)
+ samba_read_config(nscd_t)
+ samba_read_var_files(nscd_t)
++ samba_stream_connect_nmbd(nscd_t)
')
optional_policy(`
@@ -52601,10 +52643,10 @@ index 96db654..ff3aadd 100644
+ virt_rw_svirt_dev(pcscd_t)
+')
diff --git a/pegasus.fc b/pegasus.fc
-index dfd46e4..0aead56 100644
+index dfd46e4..2e04b85 100644
--- a/pegasus.fc
+++ b/pegasus.fc
-@@ -1,15 +1,21 @@
+@@ -1,15 +1,24 @@
-/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0)
+
+/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0)
@@ -52613,27 +52655,30 @@ index dfd46e4..0aead56 100644
-/etc/rc\.d/init\.d/tog-pegasus -- gen_context(system_u:object_r:pegasus_initrc_exec_t,s0)
+/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
+/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
++
++/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
-/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-+/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
-
--/var/cache/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_cache_t,s0)
+/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
--/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
+-/var/cache/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_cache_t,s0)
+/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
--/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
+-/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
+#openlmi agents
+/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0)
+/usr/libexec/pegasus/cmpiLMI_Fan-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
+/usr/libexec/pegasus/cmpiLMI_LogicalFile-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_logicalfile_exec_t,s0)
-+/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_networking_exec_t,s0)
-+/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_service_exec_t,s0)
-+/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_PowerManagement-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_system_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Realmd-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_services_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_admin_exec_t,s0)
+
+-/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
++/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
diff --git a/pegasus.if b/pegasus.if
index d2fc677..ded726f 100644
--- a/pegasus.if
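Review bot: Relabelling `cmpiLMI_Networking-cimprovagt` to `pegasus_openlmi_system_exec_t` places it under the same label as the Fan provider and the newly added PowerManagement provider. The pegasus.te part of this commit then grants that shared domain `self:capability { net_admin }`, a netlink route socket and NetworkManager D-Bus chat. Assuming the template transitions each `*_exec_t` into its matching domain, the Fan and PowerManagement agents receive network-administration rights that these rules previously gave only to the separate networking domain. Keeping a distinct networking domain, or recording in a comment why the merge is acceptable, would preserve least privilege.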
@@ -52735,7 +52780,7 @@ index d2fc677..ded726f 100644
')
+
diff --git a/pegasus.te b/pegasus.te
-index 7bcf327..b6885d4 100644
+index 7bcf327..f36e1ae 100644
--- a/pegasus.te
+++ b/pegasus.te
@@ -1,17 +1,16 @@
@@ -52759,21 +52804,24 @@ index 7bcf327..b6885d4 100644
type pegasus_cache_t;
files_type(pegasus_cache_t)
-@@ -30,20 +29,199 @@ files_type(pegasus_mof_t)
+@@ -30,20 +29,213 @@ files_type(pegasus_mof_t)
type pegasus_var_run_t;
files_pid_file(pegasus_var_run_t)
+# pegasus openlmi providers
++pegasus_openlmi_domain_template(admin)
++typealias pegasus_openlmi_admin_t alias pegasus_openlmi_service_t;
++
+pegasus_openlmi_domain_template(account)
+pegasus_openlmi_domain_template(logicalfile)
-+pegasus_openlmi_domain_template(networking)
-+pegasus_openlmi_domain_template(service)
++pegasus_openlmi_domain_template(services)
+
+pegasus_openlmi_domain_template(storage)
+type pegasus_openlmi_storage_tmp_t;
+files_tmp_file(pegasus_openlmi_storage_tmp_t)
+
+pegasus_openlmi_domain_template(system)
++typealias pegasus_openlmi_system_t alias pegasus_openlmi_networking_t;
+pegasus_openlmi_domain_template(unconfined)
+
+#######################################
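Review bot: The two `typealias` lines keep the old domain names valid, but nothing in this hunk aliases the old entry-point types. If the template declares `pegasus_openlmi_networking_exec_t` and `pegasus_openlmi_service_exec_t` (the pegasus.fc hunk used both before this change), they disappear along with the removed template calls. Files still carrying those labels after an update would then hold an undefined type until relabelled. Consider adding `typealias pegasus_openlmi_admin_exec_t alias pegasus_openlmi_service_exec_t;` and `typealias pegasus_openlmi_system_exec_t alias pegasus_openlmi_networking_exec_t;`. The template definition is outside this view, so the generated type names need confirming.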
@@ -52862,26 +52910,38 @@ index 7bcf327..b6885d4 100644
+ # so we want to have unconfined_domain attribute for filename rules
+ unconfined_domain(pegasus_openlmi_logicalfile_t)
+')
++######################################
++#
++# pegasus openlmi networking local policy
++#
++
++optional_policy(`
++ dbus_system_bus_client(pegasus_openlmi_services_t)
++')
++
++optional_policy(`
++ realmd_dbus_chat(pegasus_openlmi_services_t)
++')
+
+######################################
+#
+# pegasus openlmi networking local policy
+#
+
-+allow pegasus_openlmi_networking_t self:capability { net_admin };
++allow pegasus_openlmi_system_t self:capability { net_admin };
+
-+allow pegasus_openlmi_networking_t self:netlink_route_socket r_netlink_socket_perms;;
-+allow pegasus_openlmi_networking_t self:udp_socket create_socket_perms;
++allow pegasus_openlmi_system_t self:netlink_route_socket r_netlink_socket_perms;;
++allow pegasus_openlmi_system_t self:udp_socket create_socket_perms;
+
-+dev_rw_sysfs(pegasus_openlmi_networking_t)
-+dev_read_urand(pegasus_openlmi_networking_t)
++dev_rw_sysfs(pegasus_openlmi_system_t)
++dev_read_urand(pegasus_openlmi_system_t)
+
+optional_policy(`
-+ dbus_system_bus_client(pegasus_openlmi_networking_t)
++ dbus_system_bus_client(pegasus_openlmi_system_t)
++')
+
-+ optional_policy(`
-+ networkmanager_dbus_chat(pegasus_openlmi_networking_t)
-+ ')
++optional_policy(`
++ networkmanager_dbus_chat(pegasus_openlmi_system_t)
+')
+
+######################################
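Review bot: The new block for `pegasus_openlmi_services_t` is headed `# pegasus openlmi networking local policy`, copied from the block below it, and it starts directly after the preceding `')` with no blank line. The heading should read `# pegasus openlmi services local policy`. The second heading still says networking although its rules now target `pegasus_openlmi_system_t`. The netlink rule also keeps a stray double semicolon and should read `allow pegasus_openlmi_system_t self:netlink_route_socket r_netlink_socket_perms;`.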
@@ -52889,20 +52949,19 @@ index 7bcf327..b6885d4 100644
+# pegasus openlmi service local policy
+#
+
++init_disable_services(pegasus_openlmi_admin_t)
++init_enable_services(pegasus_openlmi_admin_t)
++init_reload_services(pegasus_openlmi_admin_t)
++init_exec(pegasus_openlmi_admin_t)
+
-+init_disable_services(pegasus_openlmi_service_t)
-+init_enable_services(pegasus_openlmi_service_t)
-+init_reload_services(pegasus_openlmi_service_t)
-+init_exec(pegasus_openlmi_service_t)
-+
-+systemd_config_all_services(pegasus_openlmi_service_t)
-+systemd_manage_all_unit_files(pegasus_openlmi_service_t)
-+systemd_manage_all_unit_lnk_files(pegasus_openlmi_service_t)
++systemd_config_all_services(pegasus_openlmi_admin_t)
++systemd_manage_all_unit_files(pegasus_openlmi_admin_t)
++systemd_manage_all_unit_lnk_files(pegasus_openlmi_admin_t)
+
+allow pegasus_openlmi_service_t self:udp_socket create_socket_perms;
+
+optional_policy(`
-+ dbus_system_bus_client(pegasus_openlmi_service_t)
++ dbus_system_bus_client(pegasus_openlmi_admin_t)
+')
+
+######################################
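Review bot: One rule in this block was missed by the rename and still reads `allow pegasus_openlmi_service_t self:udp_socket create_socket_perms;`, while every other line now names `pegasus_openlmi_admin_t`. It presumably still compiles through the `typealias` added in pegasus.te, but anyone auditing the admin domain by searching for its name will miss this permission. It should read `allow pegasus_openlmi_admin_t self:udp_socket create_socket_perms;`. The section heading `# pegasus openlmi service local policy` should be updated to name the admin domain as well.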
@@ -52964,7 +53023,7 @@ index 7bcf327..b6885d4 100644
allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t)
-@@ -54,22 +232,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
+@@ -54,22 +246,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
@@ -52995,7 +53054,7 @@ index 7bcf327..b6885d4 100644
kernel_read_network_state(pegasus_t)
kernel_read_kernel_sysctls(pegasus_t)
-@@ -80,27 +258,21 @@ kernel_read_net_sysctls(pegasus_t)
+@@ -80,27 +272,21 @@ kernel_read_net_sysctls(pegasus_t)
kernel_read_xen_state(pegasus_t)
kernel_write_xen_state(pegasus_t)
@@ -53028,7 +53087,7 @@ index 7bcf327..b6885d4 100644
corecmd_exec_bin(pegasus_t)
corecmd_exec_shell(pegasus_t)
-@@ -114,6 +286,7 @@ files_getattr_all_dirs(pegasus_t)
+@@ -114,6 +300,7 @@ files_getattr_all_dirs(pegasus_t)
auth_use_nsswitch(pegasus_t)
auth_domtrans_chk_passwd(pegasus_t)
@@ -53036,7 +53095,7 @@ index 7bcf327..b6885d4 100644
domain_use_interactive_fds(pegasus_t)
domain_read_all_domains_state(pegasus_t)
-@@ -128,18 +301,25 @@ init_stream_connect_script(pegasus_t)
+@@ -128,18 +315,25 @@ init_stream_connect_script(pegasus_t)
logging_send_audit_msgs(pegasus_t)
logging_send_syslog_msg(pegasus_t)
@@ -53068,7 +53127,7 @@ index 7bcf327..b6885d4 100644
')
optional_policy(`
-@@ -151,16 +331,24 @@ optional_policy(`
+@@ -151,16 +345,24 @@ optional_policy(`
')
optional_policy(`
@@ -53097,7 +53156,7 @@ index 7bcf327..b6885d4 100644
')
optional_policy(`
-@@ -168,7 +356,7 @@ optional_policy(`
+@@ -168,7 +370,7 @@ optional_policy(`
')
optional_policy(`
@@ -53120,7 +53179,7 @@ index 0000000..7b54c39
+/var/run/pesign\.pid -- gen_context(system_u:object_r:pesign_var_run_t,s0)
diff --git a/pesign.if b/pesign.if
new file mode 100644
-index 0000000..c20674c
+index 0000000..26b1f0c
--- /dev/null
+++ b/pesign.if
@@ -0,0 +1,103 @@
@@ -53181,7 +53240,7 @@ index 0000000..c20674c
+ ')
+
+ systemd_exec_systemctl($1)
-+ systemd_read_fifo_file_password_run($1)
++ systemd_read_fifo_file_passwd_run($1)
+ allow $1 pesign_unit_file_t:file read_file_perms;
+ allow $1 pesign_unit_file_t:service manage_service_perms;
+
@@ -56706,7 +56765,7 @@ index c0e8785..c0e0959 100644
+/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)? gen_context(system_u:object_r:postfix_spool_flush_t,s0)
diff --git a/postfix.if b/postfix.if
-index 2e23946..589bbf2 100644
+index 2e23946..e9ac366 100644
--- a/postfix.if
+++ b/postfix.if
@@ -1,4 +1,4 @@
@@ -57145,7 +57204,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -478,30 +479,84 @@ interface(`postfix_domtrans_postqueue',`
+@@ -478,30 +479,85 @@ interface(`postfix_domtrans_postqueue',`
type postfix_postqueue_t, postfix_postqueue_exec_t;
')
@@ -57198,6 +57257,7 @@ index 2e23946..589bbf2 100644
+interface(`postfix_domtrans_postgqueue',`
+ gen_require(`
+ type postfix_postgqueue_t;
++ type postfix_postgqueue_exec_t;
+ ')
+ domtrans_pattern($1, postfix_postgqueue_exec_t,postfix_postgqueue_t)
+')
@@ -57240,7 +57300,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -514,13 +569,12 @@ interface(`postfix_exec_postqueue',`
+@@ -514,13 +570,12 @@ interface(`postfix_exec_postqueue',`
type postfix_postqueue_exec_t;
')
@@ -57255,7 +57315,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -533,13 +587,13 @@ interface(`postfix_create_private_sockets',`
+@@ -533,13 +588,13 @@ interface(`postfix_create_private_sockets',`
type postfix_private_t;
')
@@ -57271,7 +57331,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -552,13 +606,14 @@ interface(`postfix_manage_private_sockets',`
+@@ -552,13 +607,14 @@ interface(`postfix_manage_private_sockets',`
type postfix_private_t;
')
@@ -57288,7 +57348,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -571,14 +626,12 @@ interface(`postfix_domtrans_smtp',`
+@@ -571,14 +627,12 @@ interface(`postfix_domtrans_smtp',`
type postfix_smtp_t, postfix_smtp_exec_t;
')
@@ -57304,7 +57364,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -586,7 +639,7 @@ interface(`postfix_domtrans_smtp',`
+@@ -586,7 +640,7 @@ interface(`postfix_domtrans_smtp',`
##
##
#
@@ -57313,7 +57373,7 @@ index 2e23946..589bbf2 100644
gen_require(`
attribute postfix_spool_type;
')
-@@ -607,11 +660,11 @@ interface(`postfix_getattr_all_spool_files',`
+@@ -607,11 +661,11 @@ interface(`postfix_getattr_all_spool_files',`
#
interface(`postfix_search_spool',`
gen_require(`
@@ -57327,7 +57387,7 @@ index 2e23946..589bbf2 100644
')
########################################
-@@ -626,11 +679,11 @@ interface(`postfix_search_spool',`
+@@ -626,11 +680,11 @@ interface(`postfix_search_spool',`
#
interface(`postfix_list_spool',`
gen_require(`
@@ -57341,7 +57401,7 @@ index 2e23946..589bbf2 100644
')
########################################
-@@ -645,17 +698,16 @@ interface(`postfix_list_spool',`
+@@ -645,17 +699,16 @@ interface(`postfix_list_spool',`
#
interface(`postfix_read_spool_files',`
gen_require(`
@@ -57362,7 +57422,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -665,11 +717,31 @@ interface(`postfix_read_spool_files',`
+@@ -665,11 +718,31 @@ interface(`postfix_read_spool_files',`
#
interface(`postfix_manage_spool_files',`
gen_require(`
@@ -57396,7 +57456,7 @@ index 2e23946..589bbf2 100644
')
########################################
-@@ -693,8 +765,8 @@ interface(`postfix_domtrans_user_mail_handler',`
+@@ -693,8 +766,8 @@ interface(`postfix_domtrans_user_mail_handler',`
########################################
##
@@ -57407,7 +57467,7 @@ index 2e23946..589bbf2 100644
##
##
##
-@@ -710,37 +782,137 @@ interface(`postfix_domtrans_user_mail_handler',`
+@@ -710,37 +783,137 @@ interface(`postfix_domtrans_user_mail_handler',`
#
interface(`postfix_admin',`
gen_require(`
@@ -64824,10 +64884,10 @@ index 70ab68b..e97da31 100644
/var/lib/quantum(/.*)? gen_context(system_u:object_r:quantum_var_lib_t,s0)
diff --git a/quantum.if b/quantum.if
-index afc0068..5fb7731 100644
+index afc0068..7b3cfad 100644
--- a/quantum.if
+++ b/quantum.if
-@@ -2,41 +2,292 @@
+@@ -2,41 +2,293 @@
########################################
##
@@ -65056,6 +65116,7 @@ index afc0068..5fb7731 100644
+#
+interface(`quantum_stream_connect',`
+ gen_require(`
++ type quantum_t;
+ type quantum_var_lib_t;
+ ')
+
@@ -80163,7 +80224,7 @@ index 0000000..92c3638
+
+sysnet_dns_name_resolve(smsd_t)
diff --git a/smstools.if b/smstools.if
-index cbfe369..085ac13 100644
+index cbfe369..6594af3 100644
--- a/smstools.if
+++ b/smstools.if
@@ -1,5 +1,81 @@
@@ -80248,6 +80309,15 @@ index cbfe369..085ac13 100644
########################################
##
## All of the rules required to
+@@ -32,7 +108,7 @@ interface(`smstools_admin',`
+ role_transition $2 smsd_initrc_exec_t system_r;
+ allow $2 system_r;
+
+- files_search_config($1)
++ files_search_etc($1)
+ admin_pattern($1, smsd_conf_t)
+
+ files_search_var_lib($1)
diff --git a/snapper.fc b/snapper.fc
new file mode 100644
index 0000000..3f412d5
@@ -95127,7 +95197,7 @@ index 36e32df..3d08962 100644
+ manage_dirs_pattern($1, zarafa_var_lib_t, zarafa_var_lib_t)
')
diff --git a/zarafa.te b/zarafa.te
-index a4479b1..1d12d58 100644
+index a4479b1..7a9f1b6 100644
--- a/zarafa.te
+++ b/zarafa.te
@@ -1,4 +1,4 @@
@@ -95250,7 +95320,7 @@ index a4479b1..1d12d58 100644
manage_dirs_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
manage_files_pattern(zarafa_server_t, zarafa_server_tmp_t, zarafa_server_tmp_t)
files_tmp_filetrans(zarafa_server_t, zarafa_server_tmp_t, { file dir })
-@@ -109,70 +117,78 @@ files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir lnk_file }
+@@ -109,70 +117,80 @@ files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir lnk_file }
stream_connect_pattern(zarafa_server_t, zarafa_indexer_var_run_t, zarafa_indexer_var_run_t, zarafa_indexer_t)
@@ -95307,9 +95377,10 @@ index a4479b1..1d12d58 100644
-corenet_tcp_sendrecv_smtp_port(zarafa_spooler_t)
+
+auth_use_nsswitch(zarafa_spooler_t)
-+
-+########################################
-+#
+
+ ########################################
+ #
+-# Zarafa domain local policy
+# zarafa_gateway local policy
+#
+corenet_tcp_bind_pop_port(zarafa_gateway_t)
@@ -95317,8 +95388,8 @@ index a4479b1..1d12d58 100644
+#######################################
+#
+# zarafa-ical local policy
-+#
-+
+ #
+
+corenet_tcp_bind_http_cache_port(zarafa_ical_t)
+
+######################################
@@ -95326,13 +95397,12 @@ index a4479b1..1d12d58 100644
+# zarafa-monitor local policy
+#
+
-
- ########################################
- #
--# Zarafa domain local policy
++
++########################################
++#
+# zarafa domains local policy
- #
-
++#
++
+# bad permission on /etc/zarafa
allow zarafa_domain self:capability { kill dac_override chown setgid setuid };
-allow zarafa_domain self:process { setrlimit signal };
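Review bot: The rule `allow zarafa_domain self:capability { kill dac_override chown setgid setuid };` gives `dac_override` to every type carrying the `zarafa_domain` attribute, and the comment above it says the reason is a bad permission on /etc/zarafa. That works around a packaging problem by letting each zarafa daemon bypass discretionary file permission checks on anything its type enforcement rules already reach, which is wider than the one directory the comment names. I would correct the ownership or mode of /etc/zarafa in the package and drop `dac_override` from the set. If it has to stay for now, limit it to the domain that produced the denial and record the tracking reference in the comment, e.g. `# dac_override: wrong mode on /etc/zarafa, remove once fixed (<bug reference>)`. The rule is carried as context in this hunk rather than added by it, but it sits on the new side of the reordered section.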
@@ -95351,10 +95421,11 @@ index a4479b1..1d12d58 100644
-
dev_read_rand(zarafa_domain)
dev_read_urand(zarafa_domain)
--
+
-logging_send_syslog_msg(zarafa_domain)
-
-miscfiles_read_localization(zarafa_domain)
++dev_read_sysfs(zarafa_domain)
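Review bot: `dev_read_sysfs(zarafa_domain)` is granted to the whole `zarafa_domain` attribute with no comment saying which daemon needs it, and the 3.12.1-69 changelog entry added in selinux-policy.spec does not mention zarafa. If a single daemon triggered the denial (the AVC is not shown here, so this is an assumption to check), the call belongs in that domain's local policy section rather than the shared one. Either way, add a why-comment above the line in the form `# <daemon> reads <path under /sys>`, filled in from the actual denial.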
diff --git a/zebra.fc b/zebra.fc
index 28ee4ca..e1b30b2 100644
--- a/zebra.fc
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 745f844..5e39906 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 68%{?dist}
+Release: 69%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -538,6 +538,25 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed Jul 31 2013 Miroslav Grepl 3.12.1-69
+- Add more aliases in pegasus.te
+- Add more fixes for *_admin interfaces
+- Add interface fixes
+- Allow nscd to stream connect to nmbd
+- Allow gnupg apps to write to pcscd socket
+- Add more fixes for openlmi provides. Fix naming and support for additionals
+- Allow fetchmail to resolve host names
+- Allow firewalld to interact also with lnk files labeled as firewalld_etc_rw_t
+- Add labeling for cmpiLMI_Fan-cimprovagt
+- Allow net_admin for glusterd
+- Allow telepathy domain to create dconf with correct labeling in /home/userX/.cache/
+- Add pegasus_openlmi_system_t
+- Fix puppet_domtrans_master() to make all puppet calling working in passenger.te
+- Fix corecmd_exec_chroot()
+- Fix logging_relabel_syslog_pid_socket interface
+- Fix typo in unconfineduser.te
+- Allow system_r to access unconfined_dbusd_t to run hp_chec
+
* Tue Jul 30 2013 Miroslav Grepl 3.12.1-68
- Allow xdm_t to act as a dbus client to itsel
- Allow fetchmail to resolve host names